Differences

This shows you the differences between two versions of the page.

--- docs:lxc [2014-05-13 18:33]
glen Links to thinfo changed to th
+++ docs:lxc [2015-10-05 11:15]
glen
@@ Line 20: / Line 20: @@
   * 3.8+ kernel [[http://docs.docker.io/en/latest/installation/kernel/|according]] to docker devs
   * [[package>lxc]] package
-  * cgroups mounted, use [[package>systemd]] or [[package>libcgroup]] for that.
+  * cgroups mounted, use [[package>systemd]] or [[package>libcgroup]] for that (edit and enable most groups in ///etc/cgconfig.conf// except debug)
+<note warning>Kernels with vserver support compiled in, do not work correctly with LXC
+  * [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/thread.html#23786]]
+  * http://www.paul.sladen.org/vserver/archives/201402/0015.html
+</note>
 ===== Guest creation =====
@@ Line 33: / Line 39: @@
 'test' created
-# lxc-ls --fancy
+# lxc-ls --fancy            (install python3-lxc for lxc-ls)
 NAME   STATE    IPV4           IPV6
 -----------------------------------
@@ Line 53: / Line 59: @@
 There are two versions of PLD available for guest systems:
-  * ac - [[:AcInfo|PLD 2.0 (Ac)]]
+  * ac - [[:ac|PLD 2.0 (Ac)]]
   * th - [[:th|PLD 3.0 (Th)]]
@@ Line 65: / Line 71: @@
 ===== Common problems / Useful tricks =====
+==== lxc-start has no output ====
+In case ''lxc-start -n test'' produces no output, ensure /dev/console is present in guest filesystem.
 ==== lxc-stop is not graceful ====
@@ Line 121: / Line 131: @@
 | vserver test stop | lxc-stop -n test |
 | vserver-stat | %%lxc-ls --fancy --running%% | you need ''python3-lxc'' installed for this tool |
-===== Sample configs =====
-==== config for network ====
-static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest.
+===== Network configs =====
+==== general ====
-  - uses ''macvlan''
+static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest, set RC_PROMPT=no to avoid hanging startup scripts, in general it's good idea to turn off there most of things
-  - that interface is NOT visible on host
-  - you can't filter it from host's firewall
-  - you HAVE to set mac. If not - on every container start you'll have different one (your router will not pass the traffic).
-  - iptables is initialized from lxc.hook.pre-mount hook (ran in the container's namespace and having macvlan interface visible)
+==== network using macvlan in bridge mode ====
+  - traffic from host to guest (and vice-versa) is NOT passed. external trafic works
+  - guest interface is NOT visible on host
+  - you can't filter guest straffic  from host's firewall
+  - host can use seme default interface with and without guests running.
+  - one have better to set static MAC address. If not - on every container start you'll have different MAC generated and your router may have problems with passing  traffic.
+  - iptables is initialized from lxc.hook.pre-mount hook (ran in the container's namespace and having guest macvlan interface visible)
 first boot with ''hwaddr'' line disabled, look what the random address was assigned, set it in config.
@@ Line 157: / Line 169: @@
+==== network using bridged veth interfaces  ====
+==== More raeding about network ====
+[[http://containerops.org/2013/11/19/lxc-networking/|Elaborate article about configuring different types of network ]]
+===== Sample configs =====
 ==== full config ====

PLD Linux Distribution

User Tools

Site Tools

Differences

Page Tools